|Linux, At Your Service|
Submitted by BobW on Friday, November 21, 2003 - 03:20
For the first few years of working with Linux I heard people talk about ports, protocols and services and I just hoped I could ignore them and keep getting my work done. Usually, this was the case but I eventually decided to bite the bullet and see what all this was about. This article won't tell you everything there is to know but it should help you put together the pieces.
One of the most helpful crib sheets in learning about all this stuff is
a file on your system.
In virtually all systems it is named
# # Network services, Internet style # # Note that it is presently the policy of IANA to assign a single well-known # port number for both TCP and UDP; hence, most entries here have two entries # even if the protocol doesn't support UDP operations. # # This list could be found on: # http://www.iana.org/assignments/port-numbers # # (last updated 2002 January 15) # # The port numbers are divided into three ranges: the Well Known Ports, # the Registered Ports, and the Dynamic and/or Private Ports. # # The Well Known Ports are those from 0 through 1023. # # The Registered Ports are those from 1024 through 49151 # # The Dynamic and/or Private Ports are those from 49152 through 65535 # #### UNASSIGNED PORT NUMBERS SHOULD NOT BE USED. THE IANA WILL ASSIGN # THE NUMBER FOR THE PORT AFTER YOUR APPLICATION HAS BEEN APPROVED ### # # # WELL KNOWN PORT NUMBERS # # The Well Known Ports are assigned by the IANA and on most systems can # only be used by system (or root) processes or by programs executed by # privileged users. # # Ports are used in the TCP [RFC793] to name the ends of logical # connections which carry long term conversations. For the purpose of # providing services to unknown callers, a service contact port is # defined. This list specifies the port used by the server process as # its contact port. The contact port is sometimes called the # "well-known port". # # To the extent possible, these same port assignments are used with the # UDP [RFC768]. # # The range for assigned ports managed by the IANA is 0-1023. # # Port Assignments: # # 0/tcp Reserved # 0/udp Reserved tcpmux 1/tcp # TCP Port Service Multiplexer tcpmux 1/udp # TCP Port Service Multiplexer ... ftp-data 20/tcp # File Transfer [Default Data] ftp-data 20/udp # File Transfer [Default Data] ftp 21/tcp # File Transfer [Control] fsp 21/udp # official is File Transfer, ftp use no udp ssh 22/tcp # SSH Remote Login Protocol ssh 22/udp # SSH Remote Login Protocol telnet 23/tcp # Telnet telnet 23/udp # Telnet
There is a whole lot to talk about already. If you look at the last few lines you will see lines that start with ftp, ssh and telnet. If you have never heard of any of those names you probably need to read a different article. However, if you do know what they are, a light may have just come on for you.
What these lines tell you is that ftp uses ports 20 and 21, ssh uses
port 22 and telnet uses port 23. If you use command line versions of
these programs you might have noticed you could specify a port number.
If you are curious, type
Looking back at the file you can see that each port number is followed by a slash and "tcp" or "udp". These are two standard Internet protocols. UDP is connectionless. What this means is that one computer can sent a message to another computer without asking permission first. The problem is that the sender will not know if the other system ever received the message. The buzzword here is unreliable.
The TCP protocol is reliable which just means that the sender and receiver talk to each other to make sure everything worked. Each protocol has a purpose. For example, when the systems want to establish a connection, sending a UDP message to that effect makes sense. It is just faster and easier.
So far, we have been talking about services that run on well known port numbers. Here are a few more that will likely be familiar to you.
smtp 25/tcp mail # Simple Mail Transfer smtp 25/udp mail # Simple Mail Transfer http 80/tcp # World Wide Web HTTP http 80/udp # World Wide Web HTTP pop2 109/tcp # Post Office Protocol - Version 2 pop2 109/udp # Post Office Protocol - Version 2 pop3 110/tcp # Post Office Protocol - Version 3 pop3 110/udp # Post Office Protocol - Version 3 nntp 119/tcp # Network News Transfer Protocol nntp 119/udp # Network News Transfer Protocol imap 143/tcp imap2 # Internet Message Access Protocol imap 143/udp imap2 # Internet Message Access Protocol imap3 220/tcp # Interactive Mail Access Protocol v3 imap3 220/udp # Interactive Mail Access Protocol v3 imaps 993/tcp # imap4 protocol over TLS/SSL imaps 993/udp # imap4 protocol over TLS/SSL
You will certainly know about port 80. In addition, you can see that the various mail protocols have an assortment of ports. imaps is a secure connection for fetching your mail from a mail server. I should mention that you now can see two uses of the word protocol. First, in TCP or UDP and second in the protocol of the actual content. For example, SMTP stands for Simple Mail Transfer Protocol. Don't get confused--TCP and UDP have to do with the protocol for getting the message to the other end. The second use of the word protocol has to do with the specifics of the message content.
SMTP is the most common way a computer sends email to another computer.
Your computer might send the message directly or it might send it thru
what is called a smart host. In any case, the mail message is
transfered by some computer connecting to the recipient computer using
port 25 and then communicating using the SMTP protocol. This is a
simple protocol and you can use your local telnet command to explore
how it works. Just for kicks, try a command like this
You should see a message about the connection succeeding and then you
are likely to not even get a prompt. If you are connected, try typing
sid@firefly:/tmp> telnet mail.osdn.com 25 Trying 188.8.131.52... Connected to mail.osdn.com. Escape character is '^]'. 220 sc8-osdn-mail.osdn.com ESMTP Exim 3.35 #1 Sun, 16 Nov 2003 11:44:51-0800 help 214-Commands supported: 214- HELO EHLO MAIL RCPT DATA AUTH 214 NOOP QUIT RSET HELP quit 221 sc8-osdn-mail.osdn.com closing connection Connection closed by foreign host. sid@firefly:/tmp>
Is this starting to make some sense? Ok, let me give you a new buzzword. When I performed the telnet connection, the remote computer was listening on port 25. This is actually just what it sounds like. There was a programming running that was just waiting for someone to try to connect to port 25. When telnet sent the request, that program established the connection. Some programs that are listening can only connect to one computer at a time, others can handle multiple connections.
Finally, I want to explain about the registered ports, which are the ports whose numbers are above 1024. In order for a program to listen on the ports that we have already covered, it has to be started as root. This didn't mean the program continued to run as root. This is actually pretty common. The apache web server, for example, is generally started as root, it does any necessary setup such as binding to port 80 and then changes it user ID to something less powerful--generally nobody or some other ordinary user.
On these higher numbered ports, any program can bind to them. Below I have included a few of the more common ones.
mysql 3306/tcp # MySQL mysql 3306/udp # MySQL x11 6000/tcp # X Window System x11 6000/udp # X Window System ... x11 6019/tcp # X Window System x11 6019/udp # X Window System x11 6063/tcp # X Window System x11 6063/udp # X Window System gnutella-svc 6346/tcp # gnutella-svc gnutella-svc 6346/udp # gnutella-svc gnutella-rtr 6347/tcp # gnutella-rtr gnutella-rtr 6347/udp # gnutella-rtr http-alt 8008/tcp # HTTP Alternate http-alt 8008/udp # HTTP Alternate http-alt 8080/tcp # HTTP Alternate (see port 80) http-alt 8080/udp # HTTP Alternate (see port 80)
The first one, mysql, should help explain why it doesn't seem to matter if MySQL is running on your local computer or another system. Communication with it is thru a port so the only thing that changes is the hostname in the connection message.
Ports 8008 and 8080 are of interest if you are testing out a new web server or want to run more than one web server on the same computer. Because you don't have to be root to bind to ports 8008 or 8080 you can test a web server or even run one on a machine where you don't have root access.
I hope this introduction to ports, protocols and services has been helpful to you. I welcome your comments.